Manage Flash in Chrome
Starting with Chrome 54 (October, 2016), Adobe Flash is no longer included with the Chrome browser or Chrome MSI. By default, Chrome installs Flash the first time a user encounters Flash content, and Chrome will continue to update Flash via the Chrome Component Updater.
For most organizations, we recommend you use the default settings. However, some IT admins may want to manage their users’ Flash experience. See below for how the changes starting with Chrome version 55 and later affect your organization.
Also, there are additional changes with the new feature HTML5 by Default launching in 2017. See Test HTML5 by Default below for details on how to prepare for this change.
Flash deployment recommendations for IT admins
You have two options:
Option 1: Allow Google to update Flash on your behalf (recommended)
Keep the Chrome Component Updater enabled (default). Flash will download and install (first time your users access Flash), and Flash will update as needed.
Option 2: You own the responsibility of updating Flash for your users.
Manually install and manage your company’s installation of Flash via the Adobe Flash MSI.
- Disable Component Updater using this policy.
- Download and deploy Flash to your users via the Adobe Flash MSI.
- Continue to update Flash for your users via the Adobe Flash MSI every time an update to Flash is released.
Google Chrome will not update the Adobe Flash dlls -- all updates are done manually by the IT admin (for example, re-deploying Adobe Flash updates via newer MSI packages). If Component Updater is left enabled, Chrome will choose to use either the Adobe Flash MSI dll or the Chrome plugin (whichever is newer).
Manage Flash by policy
You can manage how Flash playback happens using the DefaultPluginsSetting policy. We advise most IT admins to use the default setting 3 (Ask). To minimize user impact, you can whitelist internal and trusted sites that your users regularly access:
- PluginsAllowedForUrls - This whitelists certain URLs to automatically run Flash. You can enable internal Flash applications and sites that you trust by creating whitelists such as ["[*.]mycorp.com", "play.spotify.com"].
- PluginsBlockedForUrls - This blacklists certain URLs from accessing Flash content such as ["flashvideosite.com"].
When “3 = Ask” is set, users need to explicitly click on the content before it is available for viewing. With this setting, your user may see “Click here to Install Flash!" After the user clicks the link, they can click Allow.
Alternatively, your users may see a gray box with a puzzle piece and the error “Click to enable Adobe Flash Player.”
- Click the gray box that says “Click to enable Adobe Flash Player.”
- In the box that appears in the top-left, click Allow to run the Flash plugin.
Testing tip: We recommend you test this functionality on internal and trusted sites with Chrome 55, 56, 57, and Chrome Canary along with the DefaultPluginsSetting policy and URL whitelists with PluginsAllowedForUrls. If there are business-critical sites in your organization that require Flash, please message these changes accordingly to the affected users.
If you set DefaultPluginsSetting to “1 = Allow all sites to automatically run plugins,” ensures that Flash content to be played automatically.
If you set DefaultPluginsSetting to “2 = Block all plugins,” all Flash content will be blocked from being played on your users’ computers. This is not recommended for most organizations. Test before enabling this setting and only use it if you want to completely block all Flash content for your users.
Chrome is also changing the way it handles Flash vs. HTML5 content, and we want to make sure you’re aware of the changes and test for user impact. Starting in 2017 Chrome makes HTML5 the default experience, except for sites which only support Flash. For those, your users will be prompted to enable Flash when first visiting the site. Learn more
You can enable this feature on browsers running Chrome 55 and later by doing the following:
- Go to chrome://flags/#prefer-html-over-flash
- Under Prefer HTML over Flash, select Enabled from the drop-down.
- Click Relaunch Now at the bottom of the browser.
The browser will restart with the setting enabled.
You can also manage your plugin preferences at chrome://settings-frame/contentExceptions#plugins
We recommend you test and validate the sites your users need to access on the latest versions of Chrome and Chrome Canary to make sure your users can access the flash content they need to. You can test this feature with the DefaultPluginsSetting policy and creating URL whitelists via the policy PluginsAllowedForUrls discussed in the previous section.
If you have Chrome installed prior to version 54:
- If you have not modified Chrome's default settings, Chrome will continue to update Flash via the Component Updater.
If you are deploying Chrome for the first time:
- Via the MSI package or any other installer, Flash will not be included. If users visit a site that requires Flash and Component Updater is enabled, Flash will be downloaded and installed inline the first time a user needs Flash. If the Component Updater is disabled, Flash will not install and fail to run the Flash content.
- You also have the option to deploy Flash in your organization via the Adobe Flash MSI. Users in your organization will continue to receive Flash updates unless you disable the Component Updater, which is enabled by default.
- If you’re deploying Flash via the Adobe MSI and disable the Component Updater, you need to make sure to update it with every release to keep Flash updated throughout your organization. For instructions on downloading the Adobe Flash MSI, see the Adobe Flash Player Administration Guide (PDF).
If you don’t need Flash for your organization, you can disable the plugin to disallow your users from running Flash content.
The primary way to disable plugins is to set DefaultPluginsSetting = 2.
Optionally, if you want to fine tune how you disable plugins, you can set these policies:
Starting with Chrome 54, we removed Flash from our installer package, which means we no longer ship Flash with the Chrome MSI. Flash is downloaded as a component update from Google (also called Pepper Flash) when the user comes across their first Flash content in Chrome.
ComponentUpdatesEnabled is a new policy that exists to disable Component Updater for enterprises that want to deploy Flash via the Adobe Flash MSI. This is an advanced setting, and is not recommended for most enterprises.
If you deploy your own Flash dll via the Adobe Flash MSI, and leave Component Updater enabled, Flash will continue to be updated by Adobe’s dll and not Google's Flash dll.
If you disable Component Updater and still want users to be able to access Flash content, you must install Flash via the Adobe MSI.
This is an advanced setting, and most organization will likely keep the default selected, which will auto-install Flash from Google when your users come across Flash content in their browser.
See the warning box above for the consequences if you disable Component Updater without deploying the Adobe Flash MSI in a timely manner.